HPE Community
Comware Based
1753261 Members
5042 Online
108792 Solutions
New Discussion

Connectio FlexNetwork 7500 to Fortigate 380D

 
pificeli
Occasional Advisor

‎11-26-2018 01:27 AM

‎11-26-2018 01:27 AM

Connectio FlexNetwork 7500 to Fortigate 380D

 Hi all,

I want to connect my HPE 7500 to FORTIGATE 380D with two 1G channel link aggregation.

this is my 7500 Configuration:

#

interface Bridge-Aggregation 1

port link-type trunk

port trunk permit vlan all

link-aggregation mode dynamic

#

interface Ten-GigabitEthernet1/0/28

port link-aggregation group 1

#

interface Ten-GigabitEthernet1/0/29

port link-aggregation group 1

#

 this is my fortigate configuration:

      edit "LinkAgg"
         set vdom "root"
         set ip 192.168.202.1 255.255.255.0
         set allowaccess ping https ssh
         set l2forward enable
         set stpforward enable
         set type aggregate
         set member "port9" "port10" "port11"
         set fortiheartbeat enable
         set role lan
         set snmp-index 15
         set lacp-mode passive
         set lacp-ha-slave disable
     next

I connec to 2 PC on switch and 2 PC on fortigate and i have full visibility with all of them.

I use iperf to verify bandwith between 7500 and FORTIGATE; 2 PC are server and 2 pc are client.

When i start my lab i expeect this:

PC1 (iperf client) to SRV1 (iperf server) = 1G bandwidth

PC2 (iperf client) to SRV2 (iperf server) = 1G bandwidth

How can i have 2 connection 1G?

Thanks

Pietro Ficeli
0 Kudos
3 REPLIES 3
network_king
HPE Pro

‎11-26-2018 03:10 AM

‎11-26-2018 03:10 AM

Re: Connectio FlexNetwork 7500 to Fortigate 380D


Hello,

Do you have two nic's in two PC's...? Ideally link-agg is used to combine two physical interfaces to 1logical interface, commonly used for uplink / server redundancy. Also, i could see in fortinet config you have mentioned 3 ports part of link-agg.

Please use below link for config guides https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=null&docLocale=en_US&docId=emr_na-c05367116

I am an HPE Employee

Accept or Kudo

0 Kudos
pificeli
Occasional Advisor

‎11-27-2018 01:52 AM

‎11-27-2018 01:52 AM

Re: Connectio FlexNetwork 7500 to Fortigate 380D

Hi,

thank you for reply.

this is my schema:

             |-----------------|                                        |-----------------|

PC1 --- |                         |                                        |                         | --- SRV1

             |     Fortigate    | ----- LAG x 2 nic's ----  |        7510         |

PC2 --- |                         |                                       |                         | --- SRV2

             |-----------------|                                        |-----------------|

7510 LAG have 2 nic's. 

Fortigate Aggregate Lan have 2 nic's, I attach the wrong file, the rest remain the same.

Iperf from PC1 to SRV1 is about 800 Mbit

Iperf from PC2 to SRV2 is about 50 Mbit

I don't know why!

Thank you

Pietro Ficeli
0 Kudos
parnassus
Honored Contributor

‎11-28-2018 07:24 AM - edited ‎11-28-2018 07:30 AM

‎11-28-2018 07:24 AM - edited ‎11-28-2018 07:30 AM

Re: Connectio FlexNetwork 7500 to Fortigate 380D

Could you please paste the output of the 

display link-aggregation verbose Bridge-Aggregation 1

CLI Command (run it on the HPE FlexNetwork 7510)?

That's to show us how the HPE FlexNetwork 7510 switch is connected to the peer's LACP as defined on your Fortigate [*] firewall.

[*] Does Fortigate 380D exist or are you referring to Fortigate 3800D? try to be a little bit more precise...

Edit: NIC is a wrong term here...a NIC is a Network Interface Card which could have one or more ports...indeed is a term used when you speak abot Hosts (Servers, Clients, etc.)...when you're referring to Switch(es) and Firewall(s) a more appropriate term is - physical - "Interface" or "Port"...an Interface/Port could also be a logical entity like the case of a LAG (when physical interfaces are aggregated into a logical interface, the LAG Link Aggregation Group or BAGG Bridge Aggregation Group...in switching terminology).

So you're testing one port of Host PC1 to one port of SRV1 (and one port of PC2 to one port of SRV2) via a LAG between two peers: your Fortigate firewall and your HPE FlexNetwork 7510. Have you tested opposite direction (SRVs to PCs)? same results?

 


I'm not an HPE Employee
Kudos and Accepted Solution banner
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.